From mboxrd@z Thu Jan 1 00:00:00 1970
From: Fabio M. Di Nitto
Date: Fri, 15 Apr 2011 17:24:55 +0200
Subject: [Cluster-devel] [PATCH] resource-agents: Fix nfs mount contexts
In-Reply-To: <1302880698-2324-1-git-send-email-lhh@redhat.com>
References: <1302880698-2324-1-git-send-email-lhh@redhat.com>
Message-ID: <4DA86347.4040205@redhat.com>
List-Id:
To: cluster-devel.redhat.com
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit

ACK?ed.
Fabio
On 4/15/2011 5:18 PM, Lon Hohberger wrote:
> - check for SELinux enabled
> - grab the installed distribution's SELinux label for
> /var/lib/nfs/statd
> - chcon / restorecon using that label (restorecon should be enough,
> but it seems to not work across bind mounts)
>
> Resolves: rhbz#635828
>
> Signed-off-by: Lon Hohberger
> ---
> rgmanager/src/resources/nfsserver.sh | 12 +++++++++++-
> 1 files changed, 11 insertions(+), 1 deletions(-)
>
> diff --git a/rgmanager/src/resources/nfsserver.sh b/rgmanager/src/resources/nfsserver.sh
> index 17f472d..f7b6b7a 100644
> --- a/rgmanager/src/resources/nfsserver.sh
> +++ b/rgmanager/src/resources/nfsserver.sh
> @@ -16,6 +16,14 @@ export LC_ALL LANG PATH
>
> . $(dirname $0)/ocf-shellfuncs
>
> +# SELinux information
> +which restorecon &> /dev/null && selinuxenabled
> +export SELINUX_ENABLED=$?
> +if [ $SELINUX_ENABLED ]; then
> + export SELINUX_LABEL="$(ls -ldZ /var/lib/nfs/statd | cut -f4 -d' ')"
> +fi
> +
> +
> log_do()
> {
> ocf_log debug $*
> @@ -222,6 +230,8 @@ create_tree()
> [ -f "$fp/xtab" ] || touch "$fp/xtab"
> [ -f "$fp/rmtab" ] || touch "$fp/rmtab"
>
> + [ $SELINUX_ENABLED ] && chcon -R "$SELINUX_LABEL" "$fp"
> +
> #
> # Generate a random state file. If this ends up being what a client
> # already has in its list, that's bad, but the chances of this
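Review bot: `[ $SELINUX_ENABLED ]` in the block added after the ocf-shellfuncs include only tests that the string is non-empty, and because the variable holds `$?` (`0` or `1`) it is true on every host. The label lookup therefore runs even when `selinuxenabled` fails or `restorecon` is not installed, and the same always-true guard is reused for the `chcon -R` in create_tree() and the `restorecon` in setup_tree(). Comparing the value makes all three guards effective: `if [ "$SELINUX_ENABLED" -eq 0 ]; then`. `&>` is also a bash-only redirection; the shebang is outside this hunk, so if the agent can run under a plain `/bin/sh` I would write `>/dev/null 2>&1` instead.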
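Review bot: The `chcon -R "$SELINUX_LABEL" "$fp"` added in create_tree() uses a label scraped from `ls -ldZ` with `cut -f4 -d' '`, and which column holds the context depends on the ls version and on single-space separation, so the value can be empty or a non-context field. A failing `chcon` is then silently ignored by the `&&` form and the state tree keeps whatever label it already had. Reading the context directly is more robust, `SELINUX_LABEL="$(stat -c %C /var/lib/nfs/statd)"`, and the relabel should be skipped with a logged warning when the result is empty. The statd directory's label is also applied recursively to everything under `$fp`, including `xtab` and `rmtab`; whether policy expects that type on those files is not visible from this patch. create_tree() starts and ends outside the hunk.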
> @@ -306,7 +316,7 @@ setup_tree()
>
> mount -o bind "$fp/statd" /var/lib/nfs/statd
> cp -a "$fp"/*tab /var/lib/nfs
> - restorecon /var/lib/nfs
> + [ $SELINUX_ENABLED ] && restorecon /var/lib/nfs
> }
>
>
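Review bot: `[ $SELINUX_ENABLED ] && restorecon /var/lib/nfs` is the last command of setup_tree(), so its exit status becomes the function's return value. With the test as written that is restorecon's status, but once the test is corrected to compare against 0, a host without SELinux would return 1 from setup_tree() even though the bind mount and the copy succeeded. An `if` avoids that: `if [ "$SELINUX_ENABLED" -eq 0 ]; then restorecon /var/lib/nfs; fi`. The start of setup_tree() and its callers are outside the hunk, so whether the return value is checked is not visible here.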